[Resolved] Unknown rootkit?


  • This topic is locked
31 replies to this topic

#16 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 May 2010 - 06:00 AM

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Processes
    explorer.exe
    :Files
    C:\Windows\System32\acovcnt.exe
    C:\Users\Allan\Desktop\fw9iwbq2d.exe
    C:\Users\Allan\Desktop\hqxi7ni5.exe
    C:\Users\Allan\Desktop\fw9iwbq2d.exe
    C:\Windows\ssndii.exe
    :Commands
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#17 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 17 May 2010 - 07:11 AM

Hi

I ran the OTL-fix as requested, got the following log on re-boot:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== FILES ==========
    C:\Windows\System32\acovcnt.exe moved successfully.
    C:\Users\Allan\Desktop\fw9iwbq2d.exe moved successfully.
    C:\Users\Allan\Desktop\hqxi7ni5.exe moved successfully.
    File\Folder C:\Users\Allan\Desktop\fw9iwbq2d.exe not found.
    C:\Windows\ssndii.exe moved successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.4.1 log created on 05172010_150414

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

However, I still see the file: C:\Windows\System32\acovcnt.exe

How shall I proceed?

#18 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 May 2010 - 07:57 AM

Try running combofix now.

#19 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 17 May 2010 - 02:19 PM

Hi

It ran fine, but after restart it seemed to have frozen; it was stuck for several hours (3-4) on the "preparing log" message. As nothing worked, I had to do a hard reset, and now I just get a black screen with the mouse cursor when the computer starts loading Vista. I have already tried going in with safe mode and the "restore to last good configuration", but no luck. So I'm using another computer to look around and I'll see what I can find regarding this issue.

#20 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 May 2010 - 05:19 PM

Open Task Manager and look for any processes ending in .cfexe and kill them, one at a time, until CF is freed up.

#21 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 18 May 2010 - 02:21 PM

Problem is that I get a black screen and a cursor I can move around, but nothing happens, and ctrl+alt+del doesn't work to bring up the task manager. As Vista came pre-installed on the lap-top, I don't have an installation disk for it, only a recovery partition. I will try to borrow a Vista install disk from someone, and see what options there will be to recover it.

#22 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 May 2010 - 03:19 PM

OTLPE


Hopefully you have access to a computer that can burn CDs

We will need to make a BOOT CD

Print these instructions out so that you know what you are doing.

Two programs to download

First

Please download ISOBurner and save it to your desktop. This program will allow you to burn OTLPE.ISO to make a bootable CD.
  • Double click the ISOBurner set up icon to install the program, from there on in it is fairly automatic.
  • There are Instructions for the iso burner here if you need them.

Second


  • Download OTLPE.iso and save it to your desktop. Now burn OTLPE.iso to a CD using ISO Burner. (NOTE: This file is 276.7 MB in size so it may take some time to download.)
  • When downloaded double click OTLPE.iso > this will then open ISOBurner to burn the file to CD

  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Safe List
    • Under the Custom Scan box paste this in
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      nvata.sys
      iastorv.sys
      mountmgr.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.
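
Added example (not part of the original post and not OldTimer's code): once OTL.txt comes back, the drivers named in the /md5start list can be cross-checked against the log's driver section. The Python below parses DRV lines copied from the OTL log posted later in this thread and flags watch-list drivers modified inside the log's File Age window, plus services whose driver file is missing. The function names and regular expressions are this example's own assumptions about the line layout.

```python
import re
from datetime import datetime, timedelta

# Driver names from the /md5start ... /md5stop custom scan in the post above.
WATCH_LIST = {"iastor.sys", "nvstor.sys", "atapi.sys", "nvata.sys",
              "iastorv.sys", "mountmgr.sys"}

# Header and DRV lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
OTL logfile created on: 5/19/2010 10:11:37 PM - Run
File Age = 30 Days
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/05/11 00:57:59 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
"""

# Assumed layout of a DRV line whose file exists on disk.
DRV_RE = re.compile(
    r"^DRV - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<type>\w+) \| (?P<start>\w+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]*)\)"
)
# Assumed layout of a DRV line whose file is missing.
MISSING_RE = re.compile(
    r"^DRV - File not found \[(?P<type>\w+) \| (?P<start>\w+)\] -- -- "
    r"\((?P<service>[^)]*)\)"
)


def parse_drivers(log_text):
    """Return one dict per DRV line; path and mtime are None for missing files."""
    drivers = []
    for line in log_text.splitlines():
        line = line.strip()
        m = DRV_RE.match(line)
        if m:
            drivers.append({
                "service": m["service"],
                "path": m["path"],
                "mtime": datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
                "company": m["company"].strip(),
                "type": m["type"],
                "start": m["start"],
            })
            continue
        m = MISSING_RE.match(line)
        if m:
            drivers.append({"service": m["service"], "path": None, "mtime": None,
                            "company": "", "type": m["type"], "start": m["start"]})
    return drivers


def triage(log_text, watch=WATCH_LIST):
    """Return (service, reason) pairs that deserve a manual hash comparison."""
    created = re.search(r"created on: (\d{1,2}/\d{1,2}/\d{4})", log_text)
    age = re.search(r"File Age = (\d+) Days", log_text)
    if not created or not age:
        raise ValueError("log header with creation date and File Age not found")
    log_date = datetime.strptime(created.group(1), "%m/%d/%Y")
    window = timedelta(days=int(age.group(1)))

    findings = []
    for drv in parse_drivers(log_text):
        if drv["path"] is None:
            findings.append((drv["service"],
                             "service registered but driver file not found"))
            continue
        name = drv["path"].rsplit("\\", 1)[-1].lower()
        if name in watch and log_date - drv["mtime"] <= window:
            findings.append((drv["service"],
                             f"{name} ({drv['start']} start) modified "
                             f"{drv['mtime']:%Y/%m/%d}, inside File Age window"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service}: {reason}")
```

A flag from this check is only a prompt to compare the file's MD5 with a known-good copy of the same driver version.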

#23 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 19 May 2010 - 05:41 AM

Hi

Ok, I'm going to buy an external case for the harddrive, connect it to another computer and copy over all the important documents/files, before following the instructions in your last post. I figure it should be safe, as long as I disable autorun and don't run any executables off it, right? I have most stuff backed up anyways, just the most recent stuff I was working on the last couple of days that I really need to rescue.

#24 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2010 - 05:45 AM

Hi

Ok, I'm going to buy an external case for the harddrive, connect it to another computer and copy over all the important documents/files, before following the instructions in your last post. I figure it should be safe, as long as I disable autorun and don't run any executables off it, right? I have most stuff backed up anyways, just the most recent stuff I was working on the last couple of days that I really need to rescue.

That should work if you can access the drive / data on the drive.

#25 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 19 May 2010 - 01:44 PM

Hi

Ok, I ran the OTLPE. For some reason no usb-device showed up in the explorer, but I managed to figure out I could copy the file to it from the command line :)

Below is the logfile:

OTL logfile created on: 5/19/2010 10:11:37 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 91.13 Gb Free Space | 78.26% Space Free | Partition Type: NTFS
Drive D: | 108.63 Gb Total Space | 35.49 Gb Free Space | 32.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (PEVSystemStart)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/30 01:59:59 | 001,285,864 | ---- | M] (Lavasoft) [Disabled] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/17 06:18:42 | 006,582,912 | ---- | M] () [Disabled] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/17 13:51:06 | 000,025,824 | ---- | M] (Memeo) [Auto] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Disabled] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/23 22:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 16:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/06/01 15:00:20 | 000,647,168 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/06/01 14:41:30 | 000,327,680 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/02/22 10:32:30 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/06 13:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/05 22:13:14 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006/06/21 06:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (lvupdtio)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | Auto] -- -- (DgiVecp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/05/11 00:57:59 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/19 17:07:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/07/01 19:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 01:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2007/11/21 21:45:30 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/10/31 07:56:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2007/10/15 03:39:26 | 000,206,336 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/09/26 19:03:42 | 000,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2007/09/06 11:45:22 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/09/06 04:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/28 04:46:38 | 001,951,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 15:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/20 16:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/17 01:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/02 17:24:30 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/24 06:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/23 08:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/12/14 03:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/24 13:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/05/16 13:14:00 | 000,023,232 | R--- | M] (Cognizance Corporation) [Kernel | System] -- C:\Windows\System32\drivers\itsdisk.sys -- (ItSDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Allan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.41
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 03:10:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 03:10:15 | 000,000,000 | ---D | M]

[2010/02/25 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Extensions
[2010/05/17 04:55:54 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions
[2010/04/27 14:26:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 01:03:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/26 05:13:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/05/06 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\firebug@software.joehewitt.com
[2010/02/25 18:45:19 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\sv@dictionaries.addons.mozilla.org
[2010/04/17 15:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/25 18:47:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/17 15:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 15:59:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/04 09:01:14 | 000,220,472 | ---- | M] (SecMaker AB) -- C:\Program Files\Mozilla Firefox\plugins\npiidplg.dll
[2010/01/15 20:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/15 20:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/15 20:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/15 20:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/17 09:04:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Allan_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Allan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: D:\Documents\Backgrounds\02179_piertonowhere_1920x1200.jpg
O24 - Desktop BackupWallPaper: D:\Documents\Backgrounds\02179_piertonowhere_1920x1200.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/19 14:31:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/17 15:32:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/17 12:53:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/17 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\temp
[2010/05/17 12:24:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/17 10:02:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/17 09:04:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/17 02:21:05 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Allan\Desktop\OTL.exe
[2010/05/13 04:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/11 04:08:11 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Adobe
[2010/05/11 02:26:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/11 02:26:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/11 02:26:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/11 02:22:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/11 01:17:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Allan\Desktop\ATF_Cleaner.exe
[2010/05/10 03:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/10 03:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/10 02:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/05/09 10:59:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/05/09 03:19:56 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Malwarebytes
[2010/05/09 03:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/09 03:19:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/09 03:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 03:53:16 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\phpDesigner
[2010/05/08 03:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\phpDesigner
[2010/04/26 03:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Net iD
[2010/04/26 03:09:44 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\iid
[2010/04/23 02:05:00 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\Downloads
[2010/04/23 02:03:12 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Google
[2010/04/23 01:56:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/04/23 01:56:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/23 01:56:13 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/23 01:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/22 08:05:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/25 19:28:13 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/05/18 17:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 17:33:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 17:33:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 17:33:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/18 17:33:45 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 16:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000UA.job
[2010/05/17 10:00:16 | 003,690,041 | R--- | M] () -- C:\Users\Allan\Desktop\ComboFix.exe
[2010/05/17 09:22:00 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/17 09:22:00 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/17 09:22:00 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/17 09:14:23 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/05/17 09:13:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/17 09:12:56 | 003,102,270 | -H-- | M] () -- C:\Users\Allan\AppData\Local\IconCache.db
[2010/05/17 09:04:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/05/17 08:59:41 | 000,460,951 | ---- | M] () -- C:\Users\Allan\Desktop\Kraft%2C_Tyngd_och_Kvickhet_%C3%A5t_Folket_%28Min_Opublicerade_bok%29.zip
[2010/05/17 03:55:55 | 000,040,960 | ---- | M] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 02:46:06 | 000,000,993 | ---- | M] () -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk
[2010/05/17 02:21:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Allan\Desktop\OTL.exe
[2010/05/17 02:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000Core.job
[2010/05/15 02:50:19 | 000,001,356 | ---- | M] () -- C:\Users\Allan\AppData\Local\d3d9caps.dat
[2010/05/14 09:48:21 | 006,185,383 | ---- | M] () -- C:\Users\Allan\Desktop\20100423-398253-en-1.pdf
[2010/05/11 17:13:53 | 000,101,131 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).odt
[2010/05/11 16:44:25 | 000,147,571 | ---- | M] () -- C:\Users\Allan\Desktop\question 13-14-15.jpg
[2010/05/11 11:17:16 | 302,009,844 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/11 10:54:13 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/11 05:50:29 | 000,013,543 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).pdf
[2010/05/11 05:19:05 | 000,201,314 | ---- | M] () -- C:\Users\Allan\Desktop\Survey Results Area.pdf
[2010/05/11 05:13:04 | 000,007,334 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text.odt
[2010/05/11 01:51:51 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/11 01:17:14 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Allan\Desktop\ATF_Cleaner.exe
[2010/05/11 00:57:59 | 000,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010/05/10 07:40:27 | 000,122,409 | ---- | M] () -- C:\Users\Allan\Desktop\BHUSA09-Guerra-EconomicsCyberCrime-PAPER.pdf
[2010/05/10 04:18:31 | 000,359,929 | ---- | M] () -- C:\Users\Allan\Desktop\dds.scr
[2010/05/10 03:04:25 | 000,050,477 | ---- | M] () -- C:\Users\Allan\Desktop\Defogger.exe
[2010/05/10 03:01:30 | 000,000,740 | ---- | M] () -- C:\Users\Allan\Desktop\NTREGOPT.lnk
[2010/05/10 03:01:30 | 000,000,721 | ---- | M] () -- C:\Users\Allan\Desktop\ERUNT.lnk
[2010/05/10 03:00:08 | 000,018,463 | ---- | M] () -- C:\Users\Allan\Desktop\sysrest_fails.jpg
[2010/05/08 18:31:36 | 000,080,896 | ---- | M] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.x
[2010/05/08 11:33:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/08 04:29:22 | 000,027,540 | ---- | M] () -- C:\Users\Allan\AppData\Roaming\phpdesigner.xml
[2010/05/08 03:53:26 | 000,000,789 | ---- | M] () -- C:\Users\Allan\Desktop\phpDesigner 7.lnk
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 09:05:51 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010/05/06 09:05:51 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2010/05/06 09:05:49 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2010/05/06 04:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 00:59:01 | 000,255,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 16:44:54 | 000,009,700 | ---- | M] () -- C:\Users\Allan\Desktop\referenser.odt
[2010/04/29 09:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 09:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 04:34:21 | 000,157,127 | ---- | M] () -- C:\Users\Allan\Desktop\my_poor_hd2.jpg
[2010/04/26 09:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 05:13:59 | 000,014,599 | ---- | M] () -- C:\Users\Allan\Desktop\logga-redan-valt.png
[2010/04/23 17:03:12 | 000,158,782 | ---- | M] () -- C:\Users\Allan\Desktop\mickipedia.jpg
[2010/04/23 01:56:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/23 01:56:12 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/04/22 09:18:50 | 000,019,704 | ---- | M] () -- C:\Users\Allan\Desktop\osC emails.ods

========== Files Created - No Company Name ==========

[2010/05/18 16:57:33 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/17 09:06:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010/05/17 08:59:33 | 000,460,951 | ---- | C] () -- C:\Users\Allan\Desktop\Kraft%2C_Tyngd_och_Kvickhet_%C3%A5t_Folket_%28Min_Opublicerade_bok%29.zip
[2010/05/17 02:46:06 | 000,000,993 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk
[2010/05/14 09:48:17 | 006,185,383 | ---- | C] () -- C:\Users\Allan\Desktop\20100423-398253-en-1.pdf
[2010/05/11 16:44:25 | 000,147,571 | ---- | C] () -- C:\Users\Allan\Desktop\question 13-14-15.jpg
[2010/05/11 09:42:04 | 003,690,041 | R--- | C] () -- C:\Users\Allan\Desktop\ComboFix.exe
[2010/05/11 05:27:42 | 000,013,543 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).pdf
[2010/05/11 05:18:47 | 000,201,314 | ---- | C] () -- C:\Users\Allan\Desktop\Survey Results Area.pdf
[2010/05/11 05:15:45 | 000,101,131 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).odt
[2010/05/11 05:13:04 | 000,007,334 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text.odt
[2010/05/11 02:26:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/11 02:26:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/11 02:26:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/11 02:26:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/11 02:26:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/10 07:40:27 | 000,122,409 | ---- | C] () -- C:\Users\Allan\Desktop\BHUSA09-Guerra-EconomicsCyberCrime-PAPER.pdf
[2010/05/10 04:18:31 | 000,359,929 | ---- | C] () -- C:\Users\Allan\Desktop\dds.scr
[2010/05/10 03:04:25 | 000,050,477 | ---- | C] () -- C:\Users\Allan\Desktop\Defogger.exe
[2010/05/10 03:01:30 | 000,000,740 | ---- | C] () -- C:\Users\Allan\Desktop\NTREGOPT.lnk
[2010/05/10 03:01:30 | 000,000,721 | ---- | C] () -- C:\Users\Allan\Desktop\ERUNT.lnk
[2010/05/10 03:00:07 | 000,018,463 | ---- | C] () -- C:\Users\Allan\Desktop\sysrest_fails.jpg
[2010/05/09 04:18:43 | 000,040,960 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 04:29:22 | 000,027,540 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\phpdesigner.xml
[2010/05/08 03:53:26 | 000,000,789 | ---- | C] () -- C:\Users\Allan\Desktop\phpDesigner 7.lnk
[2010/05/03 09:55:34 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/29 14:45:11 | 000,009,700 | ---- | C] () -- C:\Users\Allan\Desktop\referenser.odt
[2010/04/27 04:34:21 | 000,157,127 | ---- | C] () -- C:\Users\Allan\Desktop\my_poor_hd2.jpg
[2010/04/26 05:13:59 | 000,014,599 | ---- | C] () -- C:\Users\Allan\Desktop\logga-redan-valt.png
[2010/04/23 17:03:24 | 000,158,782 | ---- | C] () -- C:\Users\Allan\Desktop\mickipedia.jpg
[2010/04/23 02:37:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/23 02:03:13 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000UA.job
[2010/04/23 02:03:13 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000Core.job
[2010/04/22 08:07:14 | 000,019,704 | ---- | C] () -- C:\Users\Allan\Desktop\osC emails.ods
[2010/04/07 14:21:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010/03/23 17:26:39 | 000,001,356 | ---- | C] () -- C:\Users\Allan\AppData\Local\d3d9caps.dat
[2010/03/19 04:16:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/19 04:16:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/19 04:16:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/03/19 04:16:17 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/19 04:16:17 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/19 04:16:15 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/19 04:16:15 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/03/08 11:14:11 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2010/03/08 11:14:10 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/03/08 11:14:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2010/03/08 11:14:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2010/02/27 19:10:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/25 19:41:55 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010/02/25 19:29:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/02/25 19:27:52 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2010/02/25 19:11:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/02/25 18:55:41 | 000,080,896 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.x
[2010/02/25 18:22:54 | 000,027,839 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\nvModes.001
[2010/02/25 18:21:02 | 000,027,839 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\nvModes.dat
[2009/10/25 22:58:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssw1ml3.dll
[2007/06/01 14:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/04/20 01:18:10 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/04/02 19:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/06 00:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/03/29 08:43:59 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Audacity
[2010/05/17 09:03:27 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Azureus
[2010/03/20 04:06:20 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\DAEMON Tools Lite
[2010/05/11 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Dropbox
[2010/05/04 05:28:03 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FileZilla
[2010/03/13 13:39:54 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\GHISLER
[2010/04/26 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\iid
[2010/02/25 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Infineon
[2010/03/19 02:48:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MySQL
[2010/02/26 05:26:26 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\OpenOffice.org
[2010/05/08 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\phpDesigner
[2010/03/25 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Stardock
[2010/03/01 08:33:55 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\VirtuaWin
[2010/02/28 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\WD
[2010/05/11 01:51:51 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/05/17 16:21:56 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/02/25 16:52:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010/02/25 16:52:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010/02/25 16:52:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: IASTOR.SYS >
[2007/09/29 11:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS
[2007/09/29 11:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2010/05/11 00:57:59 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Qoobox\32788R22FWJFW\iaStor.sys
[2010/05/11 00:57:59 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/29 11:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: MOUNTMGR.SYS >
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6000.16386_none_f06162ca0a1ab2c0\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) MD5=BDAFC88AA6B92F7842416EA6A48E1600 -- C:\Windows\System32\drivers\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] () MD5=EE1E222BC753AA8F41860D0890F9CD98 -- C:\Qoobox\32788R22FWJFW\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] () MD5=EE1E222BC753AA8F41860D0890F9CD98 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< End of report >



#26 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 May 2010 - 05:55 AM

Back in OTLPE

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6000.16386_none_f06162ca0a1ab2c0\mountmgr.sys /e
    C:\Windows\System32\drivers\mountmgr.sys|c:\mountmgr.sys /replace
    C:\Windows\System32\acovcnt.exe
    
    :Commands
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done



#27 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 20 May 2010 - 06:37 AM

Hi, I ran the tool; however, when I reboot and try to start up from the hard drive, I get the same problem: Windows starts loading, then the screen turns black with a white cursor I can move, but Ctrl-Alt-Del and other keyboard shortcuts fail to bring up Task Manager. Is there anything more we can try, or shall I revert to trying to restore the laptop to factory settings and reinstall the operating system?

#28 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 May 2010 - 03:17 PM

Can you run a new OTL scan?



#29 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 May 2010 - 01:29 PM

Do you still need help with this?



#30 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 24 May 2010 - 12:48 AM

Hi, I really want to thank you for all the help and the time you spent trying to help me. However, the procedure was taking too long, and as I have exams approaching, I couldn't really wait it out this time, so I did a fresh install of Vista from the recovery partition on the drive, and now everything is running tip-top. Again, thanks a lot for your time. Best regards
